The left column shows the time of entry on your system. General rule the earlier you stop it the less amount of harm malware can do. The right four colums show decreasing protection (and pitty often increasing configuration effort). Hardening is generally passive protection, Blacklist is active protection of KNOWN treaths, Behavior is active protection against suspicious behavior (but allows the malware to enter), Whitelist allow only th eknown good ones or redirect/buffer/stop the ones that are untrusted/isolated like sandboxes or virtualisation programs do (is called an "inverted" whitelist).

Antispyware programs could be rated at the process level/vulnarable os-file (as registry watchers/prrotectors for instance).

The setup I use on our home PC's is illustrated below.

Explanation of different choices:
PC2 is of son, likes to download/try programs, that is why he choose CyberHawk over SSM free. He likes to have control over his sanbox and wants the sandbox to be fast, that is why he choose GeSWall pro

PC1 is of wife, does not want pop-ups, does not try out programs (uses the PC for functionality like downloading music files, ordering on-line). That is why SSM-free runs with user interface disconnected and SensiveGuards is told to deny access in stead of popping up a warning).

On PC2 we have some overlap (SensiveGuard monitors behavior and outbound traffic, CyberHawk also pop-ups a warning when a program initiated to the Internet), that's why it is yellow (I do not like overlap, consumes CPU)